Using Backtrack 4: Information Gathering: DNS: dnsmap-bulk

dnsmap-bulk Description: This script lets you do “bulk” mapping of multiple domains using dnsmap. Purpose: Mapping domains and subdomains, finding remote access or unpatched servers, and finding embedded devices like IP cameras. Stage: Information Gathering Opening Instructions:

usage: dnsmap-bulk.sh <domains-file> [results-path]
e.g.:
dnsmap-bulk.sh domains.txt
dnsmap-bulk.sh domains.txt /tmp/

Using Backtrack 4: Information Gathering: DNS: dnsmap

dnsmap Description (from the README): “FUN THINGS THAT CAN HAPPEN 1. Finding interesting remote access servers (i.e.: https://extranet.targetdomain.com) 2. Finding badly configured and/or unpatched servers (i.e.: test.targetdomain.com) 3. Finding new domain names which will allow you to map non-obvious/hard-to-find netblocks of your target organization (registry lookups – aka whois is your friend) 4. Sometimes you …

Using Backtrack 4: Information Gathering: DNS: dnsenum

dnsenum Description: The purpose of Dnsenum is to gather information about a domain. The program currently performs the following operations: 1) Get the host’s address (A record). 2) Get the domain’s nameservers. 3) Get MX (mail) records. 4) Perform axfr queries on nameservers. 5) Get extra names and subdomains via google scraping (google query = “allinurl: -www site:domain”). 6) Brute …

Using Backtrack 4: Information Gathering: DNS: DNS-walk

DNS-walk Description: DNS-walk is a CLI tool that requests a zone transfer from a specified domain. This highly specific DNS configuration information is useful for debugging – or subverting – a domain’s DNS setup. Obviously it will only be useful to someone with a deep knowledge of DNS, but if you’re studying the hacking art, …

Using BackTrack 4: Information Gathering: SEAT

SEAT: the Search Engine Assessment Tool Description: A GUI interface tool from Midnight Research Labs: http://midnightresearch.com/projects/search-engine-assessment-tool/. Think of it as half search engine (to deeply scan domains) and half exploit-matching tool (because it helps you find exploits for specific vulnerabilities). Stage: SEAT is a tool for initial Information Gathering. Description: SEAT (Search Engine Assessment Tool) is the …

Using BackTrack: Information Gathering: Archive: Metagoofil

Metagoofil Description: Metagoofil is a tool for combing through documents on a site and mining meta information. It can search not just HTML pages, but Word docs, Excel spreadsheets, Powerpoint presentations and almost anything else left lying around. Purpose: Use it to find email addresses, user names and potentially passwords. Stage: Information Gathering Manual page: …

Using Backtrack: Changing your MAC address

macchanger Purpose: To change your MAC address, for obvious reasons. Discussion: Use this tool before starting Network services. Example: macchanger -a eth0 This will assign a random MAC to eth0. Tutorial: http://www.techkranti.com/2010/02/change-mac-address-in-backtrack.html

Using Backtrack

The Backtrack distribution, maintained by Offensive Security, is the gold standard for penetration testing (white hat or otherwise). It contains an intimidatingly large selection of tools, but is really designed for a very adept user. If you haven’t studied networking, many of them won’t make sense, and even if you have it’s not always very …